"((r, s') \<in> fst (exec_transformed sr A s)) = (\<exists>t t'. (s, t) \<in> sr \<and> (s', t') \<in> sr \<and> (r, t') \<in> fst (A t))"
apply (clarsimp simp: exec_transformed_def)
apply force
done
(* Failure flag of exec_transformed: the transformed computation fails at s
   exactly when M fails at some state x related to s by sr.  This is the
   failure-component companion of the fst characterisation above and unfolds
   directly from exec_transformed_def. *)
lemma snd_exec_transformed:
"snd (exec_transformed sr M s) = (\<exists>x. (s, x) \<in> sr \<and> snd (M x))"
by (clarsimp simp: exec_transformed_def)
(* Transforming through the identity relation is a no-op.  Registered as a
   simp rule so that trivial transformations are discharged automatically
   without unfolding exec_transformed_def by hand. *)
lemma exec_transformed_Id [simp]:
"exec_transformed Id M = M"
by (auto simp: exec_transformed_def)
lemma exec_transformed_valid_def:
"\<lbrace> P \<rbrace> exec_transformed sr M \<lbrace> Q \<rbrace> = \<lbrace> \<lambda>s. \<exists>s'. (s', s) \<in> sr \<and> P s' \<rbrace> M \<lbrace> \<lambda>r s. \<forall>s'. (s', s) \<in> sr \<longrightarrow> Q r s' \<rbrace>"
"\<lbrace> \<lambda>s. \<exists>s'. (s', s) \<in> sr \<and> P s' \<rbrace> M \<lbrace> \<lambda>r s. \<forall>s'. (s', s) \<in> sr \<longrightarrow> Q r s' \<rbrace> \<Longrightarrow> \<lbrace> P \<rbrace> exec_transformed sr M \<lbrace> Q \<rbrace>"
apply (subst exec_transformed_valid_def)
apply simp
done
lemma exec_transformedE_wp [wp]:
"\<lbrace> \<lambda>s. \<exists>s'. (s', s) \<in> sr \<and> P s' \<rbrace> M \<lbrace> \<lambda>r s. \<forall>s'. (s', s) \<in> sr \<longrightarrow> Q r s' \<rbrace>,\<lbrace> \<lambda>r s. \<forall>s'. (s', s) \<in> sr \<longrightarrow> E r s' \<rbrace>
\<Longrightarrow> \<lbrace> P \<rbrace> exec_transformed sr M \<lbrace> Q \<rbrace>,\<lbrace> E \<rbrace>"
"\<lbrace> \<lambda>s. \<forall>s''. (\<exists>s'. (s, s') \<in> sr \<and> (s'', s') \<in> sr) \<longrightarrow> P a s'' \<rbrace> exec_transformed sr (return a) \<lbrace> P \<rbrace>"
"\<lbrace> \<lambda>s. \<forall>s''. (\<exists>s'. (s, s') \<in> sr \<and> (s'', s') \<in> sr) \<longrightarrow> P a s'' \<rbrace> exec_transformed sr (returnOk a) \<lbrace> P \<rbrace>,\<lbrace> E \<rbrace>"
"snd (exec_concrete st M s) = (\<exists>x. st x = s \<and> snd (M x))"
by (fastforce simp: exec_concrete_def)
(* Concretising through the identity is a no-op.  Both the named `id` and the
   eta-expanded lambda form are stated so the simp rule fires whichever shape
   the identity takes after other rewriting. *)
lemma exec_concrete_id [simp]:
"exec_concrete id M = M"
"exec_concrete (\<lambda>a. a) M = M"
by (auto simp: exec_concrete_def)
lemma exec_concrete_wp [wp]:
"\<lbrace> \<lambda>s. P (st s) \<rbrace> M \<lbrace> \<lambda>r s. Q r (st s) \<rbrace> \<Longrightarrow> \<lbrace> P \<rbrace> exec_concrete st M \<lbrace> Q \<rbrace>"
"\<lbrace> \<lambda>s. P (st s) \<rbrace> M \<lbrace> \<lambda>r s. Q r (st s) \<rbrace>! \<Longrightarrow> \<lbrace> P \<rbrace> exec_concrete st M \<lbrace> Q \<rbrace>!"
"((r, t) \<in> fst (exec_abstract st A s)) = (\<exists>t'. st t = t' \<and> (r, t') \<in> fst (A (st s)))"
by (clarsimp simp: exec_abstract_def split_def image_def)
(* Failure flag of exec_abstract: the abstracted computation fails at s
   exactly when M fails at the abstracted state st s.  Unlike the
   exec_transformed case there is no existential, because st is a function.
   Tagged monad_eq so the monad_eq method can use it when normalising. *)
lemma snd_exec_abstract [monad_eq]:
"snd (exec_abstract st M s) = (snd (M (st s)))"
by (clarsimp simp: exec_abstract_def)
(* Abstracting through the identity is a no-op.  Both `id` and the
   eta-expanded lambda are covered, mirroring exec_concrete_id, so the simp
   rule matches either form. *)
lemma exec_abstract_id [simp]:
"exec_abstract id M = M"
"exec_abstract (\<lambda>a. a) M = M"
by (auto simp: exec_abstract_def)
(* Hoare triple over exec_abstract restated as a triple over M alone.
   Precondition: the abstract state has some pre-image s' under st satisfying P.
   Postcondition: Q must hold for every concrete t whose abstraction st t is
   the final state -- all pre-images, not just one.
   Proved by viewing exec_abstract as an exec_transformed instance
   (exec_abstract_transformed) and reusing exec_transformed_valid_def. *)
lemma exec_abstract_valid_def:
"\<lbrace> P \<rbrace> exec_abstract st M \<lbrace> Q \<rbrace> = \<lbrace> \<lambda>s. \<exists>s'. st s' = s \<and> P s' \<rbrace> M \<lbrace> \<lambda>r s. \<forall>t. st t = s \<longrightarrow> Q r t \<rbrace>"
apply (subst exec_abstract_transformed)
apply (subst exec_transformed_valid_def)
apply (fastforce simp: valid_def)
done
(* wp rule for exec_abstract.  To show Q after exec_abstract st M from a
   precondition phrased on the abstract state (P (st s)), it suffices that M
   establishes Q on every concrete t with st t = s.  The universal
   quantification over t is essential: st is an arbitrary function, so several
   concrete states may share one abstraction and Q is demanded on all of them.
   Derived from exec_abstract_valid_def by unfolding valid_def. *)
lemma exec_abstract_wp [wp]:
"\<lbrakk> \<lbrace> P \<rbrace> M \<lbrace> \<lambda>r s. \<forall>t. st t = s \<longrightarrow> Q r t \<rbrace> \<rbrakk>
\<Longrightarrow> \<lbrace> \<lambda>s. P (st s) \<rbrace> exec_abstract st M \<lbrace> Q \<rbrace>"
apply (subst exec_abstract_valid_def)
apply (clarsimp simp: valid_def)
apply force
done
lemma exec_abstractE_wp [wp]:
"\<lbrakk> \<lbrace> P \<rbrace> M \<lbrace> \<lambda>r s. \<forall>t. st t = s \<longrightarrow> Q r t \<rbrace>,\<lbrace> \<lambda>r s. \<forall>t. st t = s \<longrightarrow> E r t \<rbrace> \<rbrakk>
\<Longrightarrow> \<lbrace> \<lambda>s. P (st s) \<rbrace> exec_abstract st M \<lbrace> Q \<rbrace>,\<lbrace> E \<rbrace>"
"\<lbrakk> \<lbrace> P \<rbrace> M \<lbrace> \<lambda>r s. \<forall>t. st t = s \<longrightarrow> Q r t \<rbrace>! \<rbrakk>
\<Longrightarrow> \<lbrace> \<lambda>s. P (st s) \<rbrace> exec_abstract st M \<lbrace> Q \<rbrace>!"
apply rule
apply (rule exec_abstract_wp)
apply (erule validNF_valid)
apply (rule exec_abstract_no_fail)
apply (rule validNF_no_fail)
apply (erule validNF_weaken_pre)
apply force
done
(* wp rule for an abstracted `return a`.  The computed precondition requires
   P a on every concrete t that st cannot distinguish from s (st s = st t),
   because exec_abstract may resume in any such t.  Discharged by the wp
   rules above followed by clarsimp. *)
lemma exec_abstract_return_wp [wp]:
"\<lbrace> \<lambda>s. \<forall>t. st s = st t \<longrightarrow> P a t \<rbrace> exec_abstract st (return a) \<lbrace> P \<rbrace>"
apply wp
apply clarsimp
done
(* Exception-monad counterpart of exec_abstract_return_wp for `returnOk a`.
   The error postcondition E is unconstrained since returnOk never raises;
   the normal precondition again quantifies over all t with st s = st t. *)
lemma exec_abstract_returnOk_wp [wp]:
"\<lbrace> \<lambda>s. \<forall>t. st s = st t \<longrightarrow> P a t \<rbrace> exec_abstract st (returnOk a) \<lbrace> P \<rbrace>,\<lbrace> E \<rbrace>"
apply wp
apply clarsimp
done
(* No-fail (validNF, the `!` triple) version of exec_abstract_return_wp:
   same precondition as the partial-correctness rule, additionally asserting
   that the abstracted return does not fail.  Same proof shape: wp then
   clarsimp. *)
lemma exec_abstract_return_wp_nf [wp]:
"\<lbrace> \<lambda>s. \<forall>t. st s = st t \<longrightarrow> P a t \<rbrace> exec_abstract st (return a) \<lbrace> P \<rbrace>!"
apply wp
apply clarsimp
done
lemma exec_abstract_fail_wp_nf [wp]:
"\<lbrace> \<lambda>s. False \<rbrace> exec_abstract st fail \<lbrace> P \<rbrace>!"